Tue Feb 18 2025

Security risk in Xerox printers could allow hackers to access your systems.

There is already an update available, so go ahead and update now.

Security researchers at Rapid7 have disclosed two vulnerabilities in Xerox VersaLink multifunction printers (MFPs) that can be exploited in "pass-back" attacks to capture the credentials the device uses to reach back-end services. Rapid7's analysis found that the flaws affect firmware versions 57.69.91 and earlier.

The issues have been assigned CVE-2024-12510 (LDAP pass-back, CVSS 6.7, medium) and CVE-2024-12511 (SMB/FTP pass-back, CVSS 7.6, high). In a pass-back attack the attacker does not break the printer's own authentication; they change the device's configuration so that it authenticates to a server the attacker controls and, in doing so, sends its stored credentials to the attacker.

For the LDAP flaw, an attacker with access to the printer's administrative settings on a device configured to use LDAP can change the configured LDAP server address to a host they control. The printer then binds to that host with its stored LDAP account, handing the attacker the bind credentials. For the SMB/FTP flaw, the scan-to-destination feature can be pointed at an attacker-controlled host in the same way, so the printer authenticates there with the stored file-share credentials (sent in the clear in the case of FTP). Because those accounts are frequently Windows domain accounts, either path can lead to compromise of Windows Active Directory and any other system the account can reach.
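The LDAP pass-back described above, as an added example that is not taken from Rapid7's advisory or from Xerox firmware: a minimal decoder for the LDAPv3 simple BindRequest (RFC 4511) that a rogue LDAP server receives once a printer has been pointed at it. The sample message, bind DN and password are constructed for this example. The point it makes is that a simple bind carries the DN and password as plain BER octet strings, so the rogue server only has to accept the TCP connection and read one message; TLS only helps if the device validates the server certificate, since the attacker controls the endpoint, and a SASL bind does not hand over the password in this form.

```python
"""Decode an LDAPv3 simple BindRequest (RFC 4511) as a rogue "pass-back"
LDAP server would see it. Sample data below is constructed, not captured."""
from dataclasses import dataclass

# BER/LDAP tags (RFC 4511 section 4.2; X.690 tag encoding)
TAG_SEQUENCE = 0x30        # UNIVERSAL 16, constructed
TAG_INTEGER = 0x02         # UNIVERSAL 2
TAG_OCTET_STRING = 0x04    # UNIVERSAL 4
TAG_BIND_REQUEST = 0x60    # [APPLICATION 0], constructed
TAG_SIMPLE_AUTH = 0x80     # [0] simple, primitive: the cleartext password
TAG_SASL_AUTH = 0xA3       # [3] sasl, constructed: not parsed here


def ber_length(n: int) -> bytes:
    """BER length: short form below 128, else 0x80|count followed by big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_length(len(value)) + value


def ber_int(n: int) -> bytes:
    # Two's-complement, minimal length; values >= 128 get a leading 0x00.
    return n.to_bytes((n.bit_length() + 8) // 8, "big", signed=True)


def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the TLV starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    end = pos + length
    if end > len(buf):
        raise ValueError("TLV value runs past end of buffer")
    return tag, buf[pos:end], end


def read_expected(buf: bytes, pos: int, tag: int, what: str):
    got, value, end = read_tlv(buf, pos)
    if got != tag:
        raise ValueError(f"expected {what} (tag 0x{tag:02x}), got 0x{got:02x}")
    return value, end


@dataclass
class SimpleBind:
    message_id: int
    version: int
    bind_dn: str
    password: str


def encode_simple_bind(message_id: int, bind_dn: str, password: str, version: int = 3) -> bytes:
    """Build the LDAPMessage a client sends for a simple bind (used for the sample)."""
    bind_request = (ber_tlv(TAG_INTEGER, ber_int(version))
                    + ber_tlv(TAG_OCTET_STRING, bind_dn.encode("utf-8"))
                    + ber_tlv(TAG_SIMPLE_AUTH, password.encode("utf-8")))
    return ber_tlv(TAG_SEQUENCE, ber_tlv(TAG_INTEGER, ber_int(message_id))
                   + ber_tlv(TAG_BIND_REQUEST, bind_request))


def encode_sasl_bind(message_id: int, mechanism: str) -> bytes:
    """A SASL bind (e.g. GSSAPI) carries no cleartext password; used to show the refusal path."""
    bind_request = (ber_tlv(TAG_INTEGER, ber_int(3)) + ber_tlv(TAG_OCTET_STRING, b"")
                    + ber_tlv(TAG_SASL_AUTH, ber_tlv(TAG_OCTET_STRING, mechanism.encode())))
    return ber_tlv(TAG_SEQUENCE, ber_tlv(TAG_INTEGER, ber_int(message_id))
                   + ber_tlv(TAG_BIND_REQUEST, bind_request))


def decode_simple_bind(raw: bytes) -> SimpleBind:
    """Parse the first LDAPMessage in raw and return its credentials if it is a simple bind."""
    msg, _ = read_expected(raw, 0, TAG_SEQUENCE, "LDAPMessage SEQUENCE")
    mid, pos = read_expected(msg, 0, TAG_INTEGER, "messageID")
    op, _ = read_expected(msg, pos, TAG_BIND_REQUEST, "BindRequest")
    ver, p = read_expected(op, 0, TAG_INTEGER, "version")
    dn, p = read_expected(op, p, TAG_OCTET_STRING, "bind DN")
    auth_tag, auth, _ = read_tlv(op, p)
    if auth_tag == TAG_SASL_AUTH:
        raise ValueError("SASL bind: credentials are not a plain octet string")
    if auth_tag != TAG_SIMPLE_AUTH:
        raise ValueError(f"unknown AuthenticationChoice tag 0x{auth_tag:02x}")
    return SimpleBind(int.from_bytes(mid, "big", signed=True),
                      int.from_bytes(ver, "big", signed=True),
                      dn.decode("utf-8"), auth.decode("utf-8"))


# Constructed sample: a plausible bind from a printer doing address-book lookups.
# The DN and password are made up for this example.
SAMPLE_BIND = encode_simple_bind(
    message_id=1,
    bind_dn="CN=mfp-scanner,OU=ServiceAccounts,DC=corp,DC=example",
    password="Sc4nner-Pw!",
)

if __name__ == "__main__":
    cred = decode_simple_bind(SAMPLE_BIND)
    print(f"bind DN : {cred.bind_dn}")
    print(f"password: {cred.password}")
```

The decoder deliberately refuses SASL binds rather than guessing at their contents; on the defensive side, this is why a dedicated low-privilege bind account matters: whatever the printer is configured with is exactly what a rogue server collects.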

For the SMB/FTP attack to succeed, a scan-to-SMB or scan-to-FTP destination must already be configured in the device's address book, and the attacker needs access either to the printer's physical console or to the remote control console through the web interface. The researchers note that this normally requires administrator credentials, unless user-level access to the remote control console has been enabled.

Xerox has released Service Pack 57.75.53, which fixes both issues on the VersaLink C7020, C7025 and C7030. Until the update can be applied, the recommended mitigations are to set a strong password on the administrator account, avoid using Windows accounts with elevated privileges for the LDAP bind and scan destinations (a dedicated low-privilege service account limits what a captured credential can do), and disable the remote control console for unauthenticated users. Since the attack works by rewriting the device's configuration, it is also worth confirming that the LDAP server and scan destinations still point at the expected hosts.